How to Keep Your Data Safe With Dash

As the premier platform for building, scaling, and deploying data apps in Python, we take stringent measures to ensure our customers can trust us to provide a secure, reliable, and private environment for their data.

All Plotly products are SOC 2 Type II compliant, underlining our dedication to data security. We provide a configurable authentication middleware through our Dash Enterprise product, as well as dash-auth, an HTTP basic auth framework, for Dash open source.

This article will serve as a refresher of our dedication to data security, providing a detailed view of our authentication initiatives and emphasizing the ease of staying safe and secure with Dash.

How Dash safeguards your data

Dash is Plotly’s open source, low-code framework for building interactive and scalable data apps in Python.

With more than two million downloads per month, Dash is a highly popular choice among scores of data scientists, analysts, and engineers looking to scale their models to drive important business decisions.

Dash offers the open-source dash-auth framework, which uses the browser's built-in HTTP authentication framework to add authentication, and compares this with a list of usernames and passwords that can be stored in a separate file or database. If invalid credentials are given, all access to the app is blocked.

Additionally, Dash is also SOC 2 compliant, having undergone strenuous third-party auditing to ensure our product meets with the highest security standards, as identified by the AICPA.

Enhanced data security with Dash Enterprise

Dash Enterprise empowers data teams to develop production-grade data apps. Trusted and used by our customers from domains including Legal, Government, Healthcare, Finance, and more, Dash Enterprise provides everything that’s needed to develop, deploy, and scale low-code data apps.

Dash Enterprise also provides an authentication middleware that allows you to control access to your data apps in just a few clicks. Configured by your administrator, this authentication middleware regulates access by enabling log in through SSO, verifying users’ app access permissions, and passing along information such as usernames and groups.

The authentication middleware, accessible through Dash Enterprise App Manager, saves time and enhances security even more by removing all password handling from your app code. Built-in single-sign-on, supporting LDAP, AD, PingFederate, Okta, SAML, SSO, and simple email authentication, saves you and your users time and effort. And the dash-enterprise-auth package, working with the authentication middleware, makes it easy for you to provide granular data access on a per-user basis. 

Alternatively, you can offer an SSO experience in your Dash apps within an existing application's session management system with Dash Embedded.

Our commitment to your data security

At Plotly, we witness the scale, creativity, and power of the applications our customers build every day. We know that data security is a crucial part of being able to securely and confidently make data-driven decisions.

Our internal teams are strictly required to report known or suspected security incidents or weaknesses. Our engineers are continually trained on the evolving security landscape, from the OWASP Top 10 to emerging vectors like dependency confusion.

We ensure the security of our codebase through peer code reviews, automated security, code quality, and regression tests, and thorough QA before each release, promptly resolving any identified issues. Our applications undergo ongoing testing — internal testing, periodic penetration testing, and an ongoing bug bounty program — and we vigilantly monitor logs to detect and address exceptions and errors.

If you would like to learn more about data security at Plotly, please visit our privacy policy, or reach out to us at info@plotly.com.